CVE-2022-49766

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to the netlink protocol. The issue involves bounds-checking for the creation of the struct nlmsgerr, which is used to handle error messages. To address this, the code has been modified to use nlmsg put() instead of nlmsg put(), and a bounds check has been added to prevent potential field-spanning writes when using memcpy() on a composite flexible array struct. This change avoids a future run-time warning about a detected field-spanning write.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.